How is Local DNS and non FQDNs supposed to work

I've read lots of the posts on here (eg. How to handle DNS on Pi-hole, DHCP on router and also resolve local hostnames) and other places and I just can't work out how local DNS lookups are supposed to work. PiHole AD blocking and external DNS work fine.

It seems like we need a new option in the DNS settings for "Send non FQDN queries to" and a box so we can put in the IP of the DHCP server/Router.

My setup:

Router 192.168.0.1 is DHCP (I can't use PiHole as my router provides much more functionality)
PiHole 192.168.0.3 is given to all clients as DNS by Router DHCP
PiHole 192.168.0.3 is in DNS for WAN interface on Router

PiHole is running in a VMware vSphere 6.5 VM, OS is Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-80-generic x86_64)

Upstream DNS in PiHole is 127.0.0.1#5053 and 127.0.0.1#5054 which are configured for DNS over HTTPS to Cloudflare

NOT ticked - Never forward non-FQDNs
NOT ticked - Never forward reverse lookups for private IP ranges
NOT ticked - Use DNSSEC

IS Ticked - Use Conditional Forwarding
192.168.0.0/24 192.168.0.1
Local domain name empty (I don't have one and don't want one/shouldn't need one!)

Names of the local devices appear fine in Top Clients so local reverse DNS lookups work fine.

Actual Behaviour:

PiHole can't resolve any local machines, neither can network clients, however my Router can. I can't be adding them all to the dns file or DNS Records as this is way too time consuming and they change sometimes, doing this defeats the whole point of DNS.

I tried setting Custom 2 to my router but this didn't work either. I have another PiHole running on a RPI2B which has same problem.

Also another strange issue with the DNS Records feature...

I have added PI2 as a DNS entry with IP 192.168.0.4 under Local DNS > DNS Records, however when I try to resolve it ping doesn't work but nslookup does:

ping pi2
Ping request could not find host pi2. Please check the name and try again.

nslookup
Default Server: pihole
Address: 192.168.0.3

pi2
Server: pihole
Address: 192.168.0.3

Name: pi2
Address: 192.168.0.4

ipconfig /all of pc pinging/nslookup from:
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 18 August 2021 14:40:46
Lease Expires . . . . . . . . . . : 18 August 2021 16:10:46
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.3
NetBIOS over Tcpip. . . . . . . . : Enabled

This is strange isn't it? PiHole clearly knows about it!

/etc/dhcpcd.conf contains:

slaac private
interface ens160
static ip_address=192.168.0.3/24
static routers=192.168.0.1
static domain_name_servers=127.0.0.1

I've also tried changing domain_name_servers to the Router.

Debug Token:

https://tricorder.pi-hole.net/z7s4As8I/
You may see from the log, I've blocked access to Google DNS on my Router as I use DNS over HTTPS but this isn't anything to do with this issue.

That isn't right, has something gone wrong and you are looking at someone else's debug token?


Yes I am. Apologies. Many help tickets open at once. Let me start again with a proper reply for your issue.

Why are you running two instances of Cloudflared on the same loopback IP?

From where was this command run? From the Pi-hole host OS terminal?

That was from machine called pc, ipconfig details above. However doesn't matter where I ping it from pihole or other machine, it doesn't resolve it. Although oddly nslookup does.


One uses https://1.1.1.1 and the other https://1.0.0.1
They are on different ports so doesn't matter.

Note that Pi-hole doesn't touch the DNS configuration of its host.
If you haven't explicitly configured that host machine to use Pi-hole for DNS, it may send its DNS requests to public DNS servers. In that case, at least your pihole's result would be expected.

In general, you want to use dig or nslookup to analyse DNS issues - ping is not adequate.

If ping shows unwanted behaviour in your case, you should verify if and how DNS is involved, and whether DNS is actually at fault.

Let's see how both Pi-hole and your router would deal with a DNS request for pc.
Please provide the output for the following commands:

nslookup pc 192.168.0.3
nslookup pc 192.168.0.1

Also, watch Pi-hole's query log when you ping a host by name.
Depending on your network's and your client's configuration, it should register at least one and up to four separate DNS queries.


I know, but /etc/dhcpcd.conf on pihole contains:

slaac private
interface ens160
static ip_address=192.168.0.3/24
static routers=192.168.0.1
static domain_name_servers=127.0.0.1

Also, /etc/resolv.conf contains:

nameserver 192.168.0.3
nameserver 192.168.0.4

Which are my piholes. Should the router IP go in there? It says its dynamically generated and not to edit it.

Surely ping does a DNS query to see if there is a name for the IP though doesn't it?


Thanks for the help

As I have alluded to myself, it may or may not do so - ping uses means beyond DNS to resolve hostnames, so you cannot rely on it to pinpoint DNS issues. If it does, however, you should see the corresponding DNS requests in Pi-hole's query log (which is why I asked you to watch it).

Please provide the output I've requested.
(Note that I'll be offline to get some sleep now - it's way past midnight here).

I did as screenshot above, here it is as text...

C:\>nslookup pc 192.168.0.3
Server: pihole
Address: 192.168.0.3

*** pihole can't find pc: Non-existent domain

C:\>nslookup pc 192.168.0.1
Server: RT-AC66U
Address: 192.168.0.1

Name: pc
Address: 192.168.0.2

No worries, i should get sleep now too! thanks

Apologies, of course you did - I must have been too sleepy already.

Could you also provide the results for the reverse lookups as well?

nslookup 192.168.0.2 192.168.0.3
nslookup 192.168.0.2 192.168.0.1

I'd expect both of those commands to return pc.


EDIT:

I guess the reason the forward lookup doesn't succeed is likely this:

Reverse lookups are taken care of by

rev-server=192.168.0.0/24,192.168.0.1

But since you have no local domain, a line like the following is missing:

server=/fritz.box/192.168.0.1

Normal DNS lookups will therefore be handled the usual way:
nslookup pc will have Pi-hole check if it knows A or AAAA records for pc itself, and since it doesn't, those queries will then be forwarded upstream - without a local domain, Conditional Forwarding can't kick in.

To fix your issue, you can either define a local domain on your router, have Pi-hole act as your DHCP server, or define local DNS records for your devices.

In case your router is distributing Pi-hole's IP address as DNS server via DHCP, you could also configure Pi-hole to use your router as its sole upstream and ditch CF altogether.
This would probably be the easiest approach.
However, that option is only viable if your router would not be using Pi-hole as its upstream DNS server (lest you would close a DNS loop).

Yeah they do.

When I do this, my router uses WINS for some odd reason and adds itself as WINS server in the DHCP config, is that normal?

However yes local DNS does then start working. I don't really want to use WINS, or a local domain.

Ok but then how would I use DNS over HTTPS? Or could I put my router's DNS to the Cloudflare port on the Pihole somehow? Not sure if my router will accept a different DNS port.

Edit...

This is why a new feature would be really useful here... in the DNS settings for "Send non FQDN queries to" and a box so we can put in the IP of the DHCP server/Router.

Thanks

I've looked a bit deeper into dnsmasq's documentation:
You should be able to get plain hostname resolution without a local domain by adding the following line to a custom dnsmasq configuration file (e.g. 42-unqualified-hosts-forward.conf):

# forward unqualified names to be resolved by my router's IP
server=//192.168.0.1

Then run a dnsmasq syntax check:

pihole-FTL dnsmasq-test

If ok, restart Pi-hole:

pihole restartdns

Never forward non-FQDNs needs to be unticked for that to work.

I'd probably prefer to have Pi-hole set that line when CF is enabled.
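
The forwarding behaviour described in the posts above, as an added example that is not part of the original thread: a simplified Python model of how dnsmasq picks an upstream from server= and rev-server= lines, showing that plain names such as pc go to the DoH upstreams until server=//192.168.0.1 is added. The function names and the sample configuration are constructed for illustration; only /8, /16 and /24 reverse prefixes and one domain per server= line are handled.

```python
import ipaddress

def rev_domain(cidr):
    # rev-server=192.168.0.0/24,IP is sugar for server=/0.168.192.in-addr.arpa/IP
    # (this sketch handles /8, /16 and /24 prefixes only)
    net = ipaddress.ip_network(cidr)
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def parse(conf):
    """Return (per-domain rules, default upstreams) from dnsmasq-style lines."""
    rules, default = {}, []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "rev-server":
            cidr, upstream = value.split(",", 1)
            rules[rev_domain(cidr)] = [upstream]
        elif key == "server" and value.startswith("/"):
            _, domain, upstream = value.split("/", 2)
            rules[domain.lower()] = [upstream]   # "" means unqualified names only
        elif key == "server":
            default.append(value)
    return rules, default

def pick_upstream(qname, conf):
    """Return the list of upstreams that would receive a query for qname."""
    rules, default = parse(conf)
    name = qname.rstrip(".").lower()
    if "." not in name:                      # plain hostname such as "pc"
        return rules.get("", default)
    labels = name.split(".")
    for i in range(len(labels)):             # most specific suffix wins
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return default

# Constructed config mirroring the thread: two local DoH proxies as upstreams
# plus the reverse rule written by Conditional Forwarding without a local domain
BEFORE = """server=127.0.0.1#5053
server=127.0.0.1#5054
rev-server=192.168.0.0/24,192.168.0.1
"""
AFTER = BEFORE + "# forward unqualified names to the router\nserver=//192.168.0.1\n"

if __name__ == "__main__":
    ptr = ipaddress.ip_address("192.168.0.2").reverse_pointer
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for q in ("pc", ptr, "example.com"):
            print(label, q, "->", pick_upstream(q, conf))
```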

Sorry for delay, where can I find this file or do I need to create it in a specific location?

Thanks 🙂

Create this file in directory /etc/dnsmasq.d

Thanks, looking better but getting some strange results with the entries in the DNS Records in PiHole. I know you said don't use ping for DNS issues but it's strange that it works with one entry but not another?


And considering that PI2 is my other PiHole and in my DNS it's very strange it doesn't find it!

ping uses many different means to resolve hostnames, not just DNS.
The .local domain in your above first command result suggests a resolution via mDNS.
ping would also consider local hosts file entries e.g., and a Windows ping may also mix in things like lmhosts, NetBIOS resolution, WINS, AD services etc.. That's a lot of opportunities to have ping resolve a name that nslookup wouldn't know, or have it pick an address that has no corresponding DNS record match.

Under some conditions unknown to me, a Windows ping may also fail to issue DNS requests at all, and is then seemingly stuck with aforementioned different means for good.
Sometimes, ipconfig /flushdns is enough to prompt ping to query DNS again, other remedies include restarting Windows' DNS client service or the whole machine.

Alternatively, you should be able to force ping into requesting proper DNS resolution for a specific run by appending a dot to your name, e.g. eufy..

If this bothers you a lot because ping is constantly misbehaving by omitting DNS queries on your PC, then you could consider to manually add the dot (".") to your search domains for that PC's network adapter. This should prompt Windows tools to issue a DNS query (when they consider the search domain), but then it may also interfere with intended local hostname overrides on that machine.

And please, just don't ever give me a ping again if you want to analyse DNS issues. 😉
EDIT: In other words, as said before: Please use dig or nslookup to analyse DNS issues.

Ok fair enough, however other apps (even after a ipconfig /flushdns) can't resolve pi2 ....eg.


Yes I thought that was strange. Is mDNS part of PiHole?

No. It is frequently associated with the Apple Bonjour protocol.